A wave of fake e-mail greeting cards is luring users into downloading a Trojan, Websense Security Labs has warned.
The HTML e-mails are in Portuguese and say, “Uma pessoa que lhe ama de verdade enviou um cartao virtual para voce,” which translates as: “A person who loves you has sent you a virtual card.”
The e-mails also contain one of a selection of poems – also in Portuguese – while a sample screenshot released by Websense shows a decorative design with a top border of hearts and a large pink flower in the middle.
Multiple links in the e-mail direct recipients to a website hosting the Trojan, a password-stealing keylogger.
The Trojan monitors recipients’ access to some financial websites, and can then capture account information, which is then delivered by e-mail to the attacker's address, Websense warned.
The Trojan propagates itself by sending itself to e-mail addresses mined from the user’s workstation.